Privacy

Overview

Protecting your privacy

Our business is built on integrity, and SailPoint is committed to protecting the personal information of its customers, business partners, employees, and stakeholders. SailPoint utilizes privacy by design to build privacy into our products, services, policies, and procedures to ensure compliance with evolving regulations and customer expectations.

At SailPoint, we are committed to respecting your privacy. We recognize that when you choose to provide us with information about yourself, you trust us to act in a responsible manner and to protect and safely manage any personal information that you share with us. This Privacy Statement explains who we are, how we collect, share and use personal information we collect about you and how you can exercise your privacy rights. If you apply to work as an employee or contractor, please see our Job Applicant Privacy Notice for specific information on how we use your personal information.

In the course of providing products and services, SailPoint may process personal data provided to SailPoint by our customers. SailPoint offers a Data Processing Addendum (DPA) to incorporate relevant provisions of the General Data Protection Regulation (GDPR) and the UK Data Protection Act of 2018 (UKDPA) into customer agreements.

SailPoint makes an affirmative commitment to adhere to the EU-US and Swiss-US Data Privacy Framework Principles, as well as the UK Extension to the EU-US Data Privacy Framework, and maintains a Data Privacy Framework Certification. The Data Privacy Framework Principles define a set of requirements that govern the use and handling of personal data transferred from the European Economic Area (EEA) as well as access and dispute resolution mechanisms that participating companies must provide to EEA citizens. The European Commission has adopted the EU-US Data Privacy Framework, and the UK has adopted the UK extension of it (UK-US Data Bridge), and both concluded that the United States ensures adequate protection under these respective frameworks – comparable to that of the European Union and the UK – for personal data transferred from the EEA and the UK to US companies certified under these frameworks.

Where personal data originates from Switzerland and is transferred to the US, SailPoint is certified with the Swiss-US Data Privacy Framework and is committed to adhering to the principles of this framework. SailPoint acknowledges that organizations cannot rely on this framework for data origination from Switzerland until the Swiss Federal Administration grants its adequacy decision on the framework. Therefore, in addition to the Swiss-US Data Privacy Framework, our DPA incorporates the protections afforded by the EU SCCs. Our DPA is included in our standard terms for EMEA customers and is an option for all other customers where appropriate. Our standard contract terms are available at https://www.sailpoint.com/legal/customer-agreements/.

As required by the GDPR, UKDPA, and other privacy regulations, SailPoint provides users with information regarding affiliates and third-party vendors we engage as sub-processors to assist in providing SailPoint solutions and services.

Further details on SailPoint’s privacy and data protection practices are set forth in our Privacy Statement, Terms of Use, Cookie Notice, and other notices.